Cyberwarfare / Nation-State Attacks,
Fraud Management & Cybercrime
Nation-State Hackers Sheltering from Bombardment or Offline Due to Internet Disruptions
Iranian cyber proxies are preparing for actions as state-sponsored hackers in Tehran have gone silent, possibly due to threats from missile attacks or internet disconnections resulting from ongoing U.S. and Israeli military operations. As the third day of strikes unfolds, observed telemetry suggests Iran experienced a communications blackout, possibly from a cyber assault or preemptive internet shutdown akin to tactics seen during previous unrest in the country.
CrowdStrike, a cybersecurity firm, reported no significant state-backed cyber activities from Iran as of Monday, although various pro-Iranian factions are increasingly active online. “Much of the current noise seems motivated by agenda rather than substantiated evidence,” stated Adam Meyers, the firm’s head of counter-adversary operations, noting a stark decline in observed Iranian cyber activity.
As the U.S. military deploys powerful weaponry, such as Tomahawk cruise missiles, into the conflict zone, experts emphasize the tangible physical dimensions of cyber warfare. Kathryn Raines, a senior threat intelligence analyst at Flashpoint, highlighted the likelihood that those behind Iranian cyber operations are currently seeking shelter from aerial assaults or unable to connect to the internet due to the widespread connectivity issues.
Amazon Web Services reported a power outage at one of its data centers in the United Arab Emirates resulting from debris-related incidents leading to sparks and fire, further complicating service in the region. Concurrently, AWS noted another localized power disruption in Bahrain that affected several service operations across the Middle East.
Amidst this turmoil, experts warn against complacency among Western cyber defenders. The U.K.’s National Cyber Security Centre cautioned that Iranian state-affiliated cyber actors likely still hold the capability for cyber operations despite the apparent lull. Organizations with interests in the Middle East face heightened risks from potential attacks, as groups aligned with Iran are reportedly operating autonomously, forming what they term a “Cyber Islamic Resistance.”
The hackers have made claims regarding intrusions impacting targets in the Middle East, the United States, and beyond. Notably, a group associated with the Islamic Revolutionary Guard Corps, deemed “Hydro Kitten” by CrowdStrike, has announced plans to target the financial sector and claimed success in breaching systems related to a Jordanian wheat firm and an Israeli company’s surveillance technologies.
As disinformation spreads rapidly across social media regarding the conflict, various fake narratives and misleading data have surfaced. Industry professionals underscore a marked increase in false breach information. Reports indicate that the Iranian populace is grappling with psychological operations, including hacked applications urging military personnel to surrender with promises of safety, alongside altered broadcast messages leveraging media platforms for psychological warfare.
With ongoing military operations and the potential for extended conflict, the current state of cyber activity remains dynamic and fraught with uncertainty. U.S. Secretary of Defense Pete Hegseth characterized the operational landscape as markedly different from past conflicts, hinting at a more defined temporal framework. As regional developments continue to unfold, it remains essential for organizations to stay vigilant against the backdrop of evolving threats fueled by geopolitical tensions and conflicts.